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What is claimed is: 

1. A system including a processor, and a collection of resources interacting with 
said processor, said resources including at least a memory and a library of executable 
modules that are supportedlby an operating system, the improvement comprising: 

a plurality of processing stacks, each including at least one mediation module that 
processes an applied signal ib form a signal that is applied to said at least one resource of 
said collection of resources; and 

a service director module that intercepts requests of different types that are 
directed to said resources, classifies said requests in accordance with said types of said 
requests, and directs said requests to different ones of said processing stacks, based on 
said classifying. 



2. The system of claim 1 wherein said at least one resource to which said signal 
is applied develops an output signai^that is accepted by said at least one mediation 

15 module. 

3. The system of claim 1, wherein at least one processing stack of said plurality 
of processing stacks comprises an ordered sequence of at least two mediation modules. 

20 4. The system of claim 1, wherein said service director receives a request from 

an application that is active on said arrangement and applies said request to said at least 
one mediation module. 

5. The system of claim 4, wherein said mediation module receives a return signal 
25 from said at least one resource of said collection of resources, processes said return 

signal to form a processed return signal, and sends^aid processed return signal to said 
application. 

6. The system of claim 5 wherein said at least qne resource of said collection of 
30 resources sends said processed return signal via said service director. 



7. The system of claim 1, wherein said at least oneVnediation module is based 
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upon a chosen\security policy. 

8. The system of claim 1, wherein said at least one mediation module in said 
processing stack performs encryption. 

9. The systefn of claim 1, wherein said mediation module is a namespace 
manager. 

10. The system <^f claim 1, wherein said mediation module performs 
10 authentication. 

11. The system of claim 1 wherein said mediation module is a secure file system. 

12. The system of claim 1, wherein said service director includes: 
15 a service request classifier that classifies a received service request; and 

a processing stack selector that selects a processing stack based upon said 
classification, and communicates said service request to said selected processing stack. 

13. The system of claim 1, wherein said service director includes a service 
20 request classifier that classifies a service request based upon the type of service request 

and arguments of the service request. 

14. The system of claim 1 further comprising a connection to a network. 
25 15. The system of claim 14 wherein said connection is secure. 

16. The system of claim 14, wherein said network is a virtual private network. 

17. The system of claim 16 wherein said connection is secured. 
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18. The system of claim 17 wherein said connection is secured through 
encryption. 



Basu - 1-1 



5 




19. The system of claim 1 further comprising a compliance supervisor that is 
coupled to said processing stacks, and to said service director, and is adapted for 
receiving security policy information from outside said system. 



20. The system of claim 19, wherein said compliance supervisor receives said 
security policy information from a\ virtual private network. 

21. The system of claim 19, Wherein said compliance supervisor includes a 
10 processing stack modifier that modifies said processing stack based upon a received 

security policy. 



22. The system of claim 19, wherein said compliance supervisor includes a 
processing stack creator that creates a processing stack based upon said security policy. 



23. The system of claim 1, wherein said at least one mediation module includes 
at least one authentication code retriever that retrieves an authentication code and a 
validation system that validates said service request against said authentication code. 



jjj,' 20 24. The system of claim 1 wherein said operating system includes means to 

prevent implication of an operating system breach from an administrative user breach. 

ci \ 

25. The system of claim 1 wherein said service director and said processing 
stacks are embedded in a loadable library of C language executable modules. 

25 

26. The system of claim 1 further comprising\a read-only program store that is 
read by said system upon boot-up. 

27. The system of claim 26, wherein said systerA includes an operating system, 
30 and said read-only program store contains a program module for verifying the operating 

system, and authentication program modules for authenticating software present in said 
memory of said system. 
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28. The system of claim 27 where said software that is authenticated by said 
authentication program\nodules includes software that forms an operating system of said 
system. 



29. The system of claim 28 where said authentication program modules develop 
a cryptographic hash of software to be authenticated. 
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30. A storage medium that stores a control routine for use by a system to assure 
10 security of said system, the control routine including instructions for: 

booting said standalone h^st with an authenticated operating system located on 
said storage medium; 

verifying an operating system\of said system; 

transferring control of said system to operating system on said system when said 
15 operating system on said system is verified. 



31. The storage medium of claim 3^, wherein said control routine verifies said 
operating system of said system by reading executable modules of said operating system 
of said system, determining a cryptographic hash for said executable modules, and 
20 ' comparing said cryptographic hash to a knownwalue. 



25 



32. The storage medium of claim 30 where said control routine further includes 
steps for: ^ 

verifying software that implements a reverse sandbox on said system; and 
transferring control of said standalone host to ^aid reverse sandboxing software. 



33. The storage medium of claim 30 further comprising reverse sandbox 
software to be installed in said system. 



30 34. The storage medium of claim 33 wherein said reverse sandbox software 

includes a service director, a compliance supervisor, and a processing stack including at 
least one mediation module. 
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